蜜小雪 wrote:
The old man behind me kept praising me for having three kids in one go
He's predicting that you'll have three more


I just trimmed the roast duck down a bit so it tastes good. That way the ancestors will be satisfied.
NeverGiveUp!! wrote:
The ancestors' ironclad finale edition....(snipped)

    /ip firewall address-list
    add address=192.168.88.2-192.168.88.254 list=LAN
    add address=0.0.0.0/8 list=BOGONS
    add address=10.0.0.0/8 list=BOGONS
    add address=100.64.0.0/10 list=BOGONS
    add address=127.0.0.0/8 list=BOGONS
    add address=169.254.0.0/16 list=BOGONS
    add address=172.16.0.0/12 list=BOGONS
    add address=192.0.0.0/24 list=BOGONS
    add address=192.0.2.0/24 list=BOGONS
    add address=192.88.99.0/24 list=BOGONS
    add address=192.168.0.0/16 list=BOGONS
    add address=198.18.0.0/15 list=BOGONS
    add address=198.51.100.0/24 list=BOGONS
    add address=203.0.113.0/24 list=BOGONS
    add address=224.0.0.0/3 list=BOGONS
    add address=224.0.0.0/4 list=BOGONS
    add address=240.0.0.0/4 list=BOGONS
    /ip firewall nat
    add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp to-ports=53
    add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
    add action=masquerade chain=srcnat comment="IP Masquerading" src-address-list=LAN
    /ip firewall filter
    add action=accept chain=input comment="Accept established&related(Input) packets" connection-state=established,related
    add action=accept chain=input comment="Accept all connections from local network" src-address-list=LAN
    add action=drop chain=input comment="drop login brute forcers 1" dst-port=21,22,23,8291 log=yes protocol=tcp src-address-list=login_blacklist
    add action=add-src-to-address-list address-list=login_blacklist address-list-timeout=4d chain=input comment="drop login brute forcers 2" connection-state=new dst-port=21,22,23,8291 protocol=tcp
    add action=drop chain=input comment="Drop Reports&Targets&Sources 01" dst-port=53,81,137,445,1433,2000,2222,2323,3306,5060,5355,5900,7547,8082,8545 log=yes protocol=tcp src-address-list=BlockReports01
    add action=add-src-to-address-list address-list=BlockReports01 address-list-timeout=4d chain=input connection-state=new dst-port=53,81,137,445,1433,2000,2222,2323,3306,5060,5355,5900,7547,8082,8545 protocol=tcp
    add action=drop chain=input comment="Drop Reports&Targets&Sources 02" dst-port=9160,7777,5555,389,80,67 log=yes protocol=tcp src-address-list=BlockReports02
    add action=add-src-to-address-list address-list=BlockReports02 address-list-timeout=4d chain=input connection-state=new dst-port=9160,7777,5555,389,80,67 protocol=tcp
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Drop port scanners\A1GPort scanners to list" log=yes protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" log=yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" log=yes protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" log=yes protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" log=yes protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" log=yes protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" log=yes protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="dropping port scanners" log=yes src-address-list="port scanners"
    add action=drop chain=input comment="Drop all packets which are not destined to routes IP address" dst-address-type=!local
    add action=drop chain=input comment="Drop all packets which does not have unicast source IP address" src-address-type=!unicast
    add action=drop chain=input comment="Drop all packets from bogons\_internet which should not exist in bogons network" in-interface=pppoe-out1 src-address-list=BOGONS
    add action=drop chain=input comment="Drop Rule - Input Chain" log=yes log-prefix="Drop All"
    add action=accept chain=forward comment="Accept established&related(Forward) packets" connection-state=established,related
    add action=drop chain=forward comment="Drop invalid(Forward)" connection-state=invalid
    add action=drop chain=forward comment="Drop new connections from internet which are not dst-natted" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
    add action=drop chain=forward comment="Drop all packets from bogons\_internet which should not exist in public network" in-interface=pppoe-out1 src-address-list=BOGONS
    add action=drop chain=forward comment="Drop all packets from\_local network to internet which should not exist in bogons network" dst-address-list=BOGONS in-interface=bridge
    add action=drop chain=forward comment="Drop all packets in local\_network which does not have local network address" in-interface=bridge src-address=!192.168.88.0/24
    /system scheduler
    add comment="Check and set NTP servers" interval=6h name=SetNtpServers on-event="# SetNtpServers - Check and set NTP servers from NTP pool\\ # v1.2 Tested and Developed on ROS v5.7\\ #\\ # Change the following line as needed as progName should match script na\\ me \\ :local progName \\"SetNtpServers\";\ \ # Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of\ \_two, a primary & secondary\ # Modify the following line and array variable based on your locale (def\ ault is north america).\ :local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ # Alternatively the US related pool below can be used. \ #:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ #\ # No modification is necessary beyond this line.\ :put \"\$progName: Running...\";\ :log info \"\$progName: Running...\";\ :set arrNtpSystems [ :toarray \$arrNtpSystems ];\ :if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 \ )) do={ \ :put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must \ be either one or two DNS names.\";\ :log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) \ must be either one or two DNS names.\";\ } else={\ :local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\ :local i 0;\ :foreach strNtpSystem in (\$arrNtpSystems) do={\ :local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\ :local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\ :local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetti\ ng ];\ :put \"\$progName: NTP server DNS name \$strNtpSystem resolves t\ o \$ipAddrNtpSystem.\";\ :log info \"\$progName: NTP server DNS name \$strNtpSystem resol\ ves to \$ipAddrNtpSystem.\";\ :put \"\$progName: Current \$strRosNtpSetting setting is \$strCu\ rrentNtpIp.\";\ :log info \"\$progName: Current \$strRosNtpSetting setting is \$\ strCurrentNtpIp.\";\ :if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ]\ \_) do={\ :put \"\$progName: Changing \$strRosNtpSetting setting to \$\ ipAddrNtpSystem.\";\ :log info \"\$progName: Changing \$strRosNtpSetting setting \ to \$ipAddrNtpSystem.\";\ :local strCommand [ :parse \"/system ntp client set \$strRos\ NtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\ \$strCommand;\ } else={\ :put \"\$progName: No changes were made for the \$strRosNtpS\ etting NTP setting.\";\ :log info \"\$progName: No changes were made for the \$strRo\ sNtpSetting NTP setting.\";\ }\ :set i (\$i + 1);\ }\ }\ :put \"\$progName: Done.\";\ :log info \"\$progName: Done.\";" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add comment=Download_Ads_List interval=24h name=DownloadAdsList on-event="/system script run Blocklister_download_Ads" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=25h name=DownloadSpywareList on-event="/system script run Blocklister_download_Spyware" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=26h name=DownloadMalwaredomainlistList on-event="/system script run Blocklister_download_Malwaredomainlist" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=27h name=DownloadHijackedList on-event="/system script run Blocklister_download_Hijacked" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    /system script
    add name=Blocklister_download_Ads owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/ads\" dst-path=\"ads.rsc\";\_/import file-name=\"ads.rsc\";"
    add name=Blocklister_download_Spyware owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/spyware\" dst-path=\"spyware.rsc\"; /import file-name=\"spyware.rsc\";"
    add name=Blocklister_download_Malwaredomainlist owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/malwaredomainlist\" dst-path=\"malwaredomainlist.rsc\"; /import file-name=\"malwaredomainlist.rsc\";"
    add name=Blocklister_download_Hijacked owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/hijacked\" dst-path=\"hijacked.rsc\"; /import file-name=\"hijacked.rsc\";"
    /ip firewall service-port
    set ftp disabled=yes
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
    set udplite disabled=yes
    set dccp disabled=yes
    set sctp disabled=yes
    /ip hotspot service-port
    set ftp disabled=yes
    /ip ipsec policy
    set 0 disabled=yes
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set winbox disabled=yes
    set api-ssl disabled=yes
    /ip upnp
    set show-dummy-rule=no
    /ip cloud
    set update-time=no
    /ip firewall connection tracking
    set enabled=auto
    /ip settings
    set rp-filter=no tcp-syncookies=no
    /ip address
    add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
    /interface list member
    add comment=defconf interface=ether2 list=LAN
    add comment=defconf interface=ether1 list=WAN
    add interface=pppoe-out1 list=WAN
    /ip firewall raw
    add action=drop chain=prerouting comment="Block PortScanners" log=yes src-address-list="port scanners"
    add action=drop chain=prerouting log=yes src-address-list=login_blacklist
    add action=drop chain=prerouting log=yes dst-address-list=ads_list
    add action=drop chain=prerouting comment="Drop Spyware" log=yes dst-address-list=spyware_list
    add action=drop chain=prerouting log=yes dst-address-list=hijacked_list
    add action=drop chain=prerouting log=yes dst-address-list=malwaredomainlist_list
    add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" log=yes dst-port=3544,3545 protocol=udp src-port=1024-65535
    add action=drop chain=prerouting comment="Block&Drop Other...etc." log=yes src-address=216.218.206.0/24
    add action=drop chain=prerouting comment="Drop Reports&Targets&Sources" log=yes src-address-list=BlockReports01
    add action=drop chain=prerouting log=yes src-address-list=BlockReports02






blink-182 - Heart's All Gone

blink-182 - Feeling This


leon650325 wrote:--
I can't make sense of it


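Deadpool 2 | The Trailer

KingDavid520 wrote:
Not staying to play a few more days?...(snipped)
I only show up when possessed; these are the gaps when there happens to be no pretty girl by my side, measured in seconds each year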

The order has been sorted out.

    /ip firewall address-list
    add address=192.168.88.2-192.168.88.254 list=LAN
    add address=0.0.0.0/8 list=BOGONS
    add address=10.0.0.0/8 list=BOGONS
    add address=100.64.0.0/10 list=BOGONS
    add address=127.0.0.0/8 list=BOGONS
    add address=169.254.0.0/16 list=BOGONS
    add address=172.16.0.0/12 list=BOGONS
    add address=192.0.0.0/24 list=BOGONS
    add address=192.0.2.0/24 list=BOGONS
    add address=192.88.99.0/24 list=BOGONS
    add address=192.168.0.0/16 list=BOGONS
    add address=198.18.0.0/15 list=BOGONS
    add address=198.51.100.0/24 list=BOGONS
    add address=203.0.113.0/24 list=BOGONS
    add address=224.0.0.0/3 list=BOGONS
    add address=224.0.0.0/4 list=BOGONS
    add address=240.0.0.0/4 list=BOGONS
    /ip firewall nat
    add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp to-ports=53
    add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
    add action=masquerade chain=srcnat comment="IP Masquerading" src-address-list=LAN
    /ip firewall filter
    add action=drop chain=forward comment="Drop LAN -> UDP(53,433)" dst-port=53,443 log-prefix="Drop LAN -> UDP(53,433)" protocol=udp src-address-list=LAN
    add action=drop chain=input comment="drop login brute forcers 1" dst-port=21,22,23,8291 log=yes protocol=tcp src-address-list=login_blacklist
    add action=add-src-to-address-list address-list=login_blacklist address-list-timeout=4d chain=input comment="drop login brute\_forcers 2" connection-state=new dst-port=21,22,23,8291 protocol=tcp
    add action=drop chain=input comment="Drop Reports&Targets&Sources 01" dst-port=53,81,137,445,1433,2000,2222,2323,3306,5060,5355,5900,7547,8082,8545 log=yes protocol=tcp src-address-list=BlockReports01
    add action=add-src-to-address-list address-list=BlockReports01 address-list-timeout=4d chain=input connection-state=new dst-port=53,81,137,445,1433,2000,2222,2323,3306,5060,5355,5900,7547,8082,8545 protocol=tcp
    add action=drop chain=input comment="Drop Reports&Targets&Sources 02" dst-port=9160,7777,5555,389,80,67 log=yes protocol=tcp src-address-list=BlockReports02
    add action=add-src-to-address-list address-list=BlockReports02 address-list-timeout=4d chain=input connection-state=new dst-port=9160,7777,5555,389,80,67 protocol=tcp
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Drop port scanners\A1GPort scanners to list" log=yes protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" log=yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" log=yes protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" log=yes protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" log=yes protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" log=yes protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" log=yes protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="dropping port scanners" log=yes src-address-list="port scanners"
    add action=drop chain=input comment="Drop Invalid(Input) packets" connection-state=invalid
    add action=accept chain=input comment="Accept established&related(Input) packets" connection-state=established,related
    add action=accept chain=input comment="Accept all connections from local network" src-address-list=LAN
    add action=drop chain=input comment="Drop all packets which are not destined to routes IP address" dst-address-type=!local
    add action=drop chain=input comment="Drop all packets which does not have unicast source IP address" src-address-type=!unicast
    add action=drop chain=input comment="Drop all packets from bogons\_internet which should not exist in public network" in-interface=pppoe-out1 src-address-list=BOGONS
    add action=drop chain=forward comment="Drop SSH" dst-port=22 protocol=tcp
    add action=jump chain=forward comment="Make jumps to Virus ports chain" jump-target=virus
    add action=drop chain=forward comment="Drop invalid(Forward)" connection-state=invalid
    add action=accept chain=forward comment="Accept established&related(Forward) packets" connection-state=established,related
    add action=drop chain=forward comment="Drop new connections\_from internet which are not dst-natted" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
    add action=drop chain=forward comment="Drop all packets from \_bogons internet which should not exist in bogons network" in-interface=pppoe-out1 src-address-list=BOGONS
    add action=drop chain=forward comment="Drop all packets from local\_network to internet which should not exist in bogons network" dst-address-list=BOGONS in-interface=bridge
    add action=drop chain=forward comment="Drop all packets in\_local network which does not have local network address" in-interface=bridge src-address=!192.168.88.0/24
    add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 protocol=tcp
    add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 protocol=udp
    add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=tcp
    add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=udp
    add action=drop chain=virus comment="Drop 593" dst-port=593 protocol=tcp
    add action=drop chain=virus comment="Drop 995-999" dst-port=995-999 protocol=tcp
    add action=drop chain=virus comment="Drop 1024-1030" dst-port=1024-1030 protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
    add action=drop chain=virus comment="Drop 1214" dst-port=1214 protocol=tcp
    add action=drop chain=virus comment="Drop ndm requester" dst-port=1363 protocol=tcp
    add action=drop chain=virus comment="Drop ndm server" dst-port=1364 protocol=tcp
    add action=drop chain=virus comment="Drop screen cast" dst-port=1368 protocol=tcp
    add action=drop chain=virus comment="Drop hromgrafx" dst-port=1373 protocol=tcp
    add action=drop chain=virus comment="Drop cichlid" dst-port=1377 protocol=tcp
    add action=drop chain=virus comment="Drop Worm" dst-port=1433-1434 protocol=tcp
    add action=drop chain=virus comment="Drop Bagle Virus" dst-port=2745 protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 protocol=tcp
    add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 protocol=tcp
    add action=drop chain=virus comment="Drop Worm" dst-port=4444 protocol=tcp
    add action=drop chain=virus comment="Drop Worm" dst-port=4444 protocol=udp
    add action=drop chain=virus comment="Drop beagle worm" dst-port=4751 protocol=tcp
    add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=tcp
    add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
    add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
    add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
    add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=tcp
    add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=65506 protocol=tcp
    add action=drop chain=input comment="Drop Rule - Input Chain" log=yes log-prefix="Drop All"
    /system scheduler
    add comment="Check and set NTP servers" interval=6h name=SetNtpServers on-event="# SetNtpServers - Check and set NTP servers from NTP pool\\ # v1.2 Tested and Developed on ROS v5.7\\ #\\ # Change the following line as needed as progName should match script na\\ me \\ :local progName \\"SetNtpServers\";\ \ # Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of\ \_two, a primary & secondary\ # Modify the following line and array variable based on your locale (def\ ault is north america).\ :local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ # Alternatively the US related pool below can be used. \ #:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ #\ # No modification is necessary beyond this line.\ :put \"\$progName: Running...\";\ :log info \"\$progName: Running...\";\ :set arrNtpSystems [ :toarray \$arrNtpSystems ];\ :if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 \ )) do={ \ :put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must \ be either one or two DNS names.\";\ :log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) \ must be either one or two DNS names.\";\ } else={\ :local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\ :local i 0;\ :foreach strNtpSystem in (\$arrNtpSystems) do={\ :local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\ :local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\ :local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetti\ ng ];\ :put \"\$progName: NTP server DNS name \$strNtpSystem resolves t\ o \$ipAddrNtpSystem.\";\ :log info \"\$progName: NTP server DNS name \$strNtpSystem resol\ ves to \$ipAddrNtpSystem.\";\ :put \"\$progName: Current \$strRosNtpSetting setting is \$strCu\ rrentNtpIp.\";\ :log info \"\$progName: Current \$strRosNtpSetting setting is \$\ strCurrentNtpIp.\";\ :if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ]\ \_) do={\ :put \"\$progName: Changing \$strRosNtpSetting setting to \$\ ipAddrNtpSystem.\";\ :log info \"\$progName: Changing \$strRosNtpSetting setting \ to \$ipAddrNtpSystem.\";\ :local strCommand [ :parse \"/system ntp client set \$strRos\ NtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\ \$strCommand;\ } else={\ :put \"\$progName: No changes were made for the \$strRosNtpS\ etting NTP setting.\";\ :log info \"\$progName: No changes were made for the \$strRo\ sNtpSetting NTP setting.\";\ }\ :set i (\$i + 1);\ }\ }\ :put \"\$progName: Done.\";\ :log info \"\$progName: Done.\";" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add comment=Download_Ads_List interval=24h name=DownloadAdsList on-event="/system script run Blocklister_download_Ads" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=25h name=DownloadSpywareList on-event="/system script run Blocklister_download_Spyware" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=26h name=DownloadMalwaredomainlistList on-event="/system script run Blocklister_download_Malwaredomainlist" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    add interval=27h name=DownloadHijackedList on-event="/system script run Blocklister_download_Hijacked" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
    /system script
    add name=Blocklister_download_Ads owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/ads\" dst-path=\"ads.rsc\";\_/import file-name=\"ads.rsc\";"
    add name=Blocklister_download_Spyware owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/spyware\" dst-path=\"spyware.rsc\"; /import file-name=\"spyware.rsc\";"
    add name=Blocklister_download_Malwaredomainlist owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/malwaredomainlist\" dst-path=\"malwaredomainlist.rsc\"; /import file-name=\"malwaredomainlist.rsc\";"
    add name=Blocklister_download_Hijacked owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://blocklister.gefoo.org/hijacked\" dst-path=\"hijacked.rsc\"; /import file-name=\"hijacked.rsc\";"
    /ip firewall service-port
    set ftp disabled=yes
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
    set udplite disabled=yes
    set dccp disabled=yes
    set sctp disabled=yes
    /ip hotspot service-port
    set ftp disabled=yes
    /ip ipsec policy
    set 0 disabled=yes
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set winbox disabled=yes
    set api-ssl disabled=yes
    /ip upnp
    set show-dummy-rule=no
    /ip cloud
    set update-time=no
    /ip firewall connection tracking
    set enabled=auto
    /ip settings
    set rp-filter=no tcp-syncookies=no
    /ip address
    add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
    /interface list member
    add comment=defconf interface=ether2 list=LAN
    add comment=defconf interface=ether1 list=WAN
    add interface=pppoe-out1 list=WAN
    /ip firewall raw
    add action=drop chain=prerouting comment="Block PortScanners" log=yes src-address-list="port scanners"
    add action=drop chain=prerouting log=yes src-address-list=login_blacklist
    add action=drop chain=prerouting log=yes dst-address-list=ads_list
    add action=drop chain=prerouting comment="Drop Spyware" log=yes dst-address-list=spyware_list
    add action=drop chain=prerouting log=yes dst-address-list=hijacked_list
    add action=drop chain=prerouting log=yes dst-address-list=malwaredomainlist_list
    add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" log=yes dst-port=3544,3545 protocol=udp src-port=1024-65535
    add action=drop chain=prerouting comment="Block&Drop Other...etc." log=yes src-address=216.218.206.0/24
    add action=drop chain=prerouting comment="Drop Reports&Targets&Sources" log=yes src-address-list=BlockReports01
    add action=drop chain=prerouting log=yes src-address-list=BlockReports02


Travis Barker - Let's Go ft. Yelawolf, Twista, Busta Rhymes, Lil Jon